// 用标签模板过滤html，防止 XSS 攻击
// `<p>${sender} has sent you a ${moreContent} message.</p>`

// 常规的思路，就是对每个输出变量做html过滤，再拼接，显得比较繁琐

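/**
 * Template-literal tag that HTML-escapes every interpolated value before
 * joining it with the literal parts of the template.
 *
 * The literal parts (templateData) are trusted author markup and are emitted
 * unchanged; only the substituted values are escaped.
 *
 * Scope of the protection: the escaping is suitable for values placed in
 * element text or inside a quoted attribute value. It is not sufficient for
 * values placed in unquoted attributes, URL attributes (href/src), inline
 * <script>/<style> content, or event-handler attributes; those contexts need
 * their own validation or encoding.
 *
 * @param {string[]} templateData - literal string segments of the template
 * @param {...*} values - interpolated values; each is converted with String()
 * @returns {string} the assembled HTML with all values escaped
 */
function antiXSS(templateData, ...values) {
    // Quotes are escaped as well as & < >, so a value cannot close a quoted
    // attribute it is interpolated into.
    const entities = {
        '&': '&amp;',
        '<': '&lt;',
        '>': '&gt;',
        '"': '&quot;',
        "'": '&#39;'
    }
    // String() lets numbers, booleans, null and undefined be interpolated
    // instead of throwing on a missing .replace method.
    const escapeHtml = (val) => String(val).replace(/[&<>"']/g, (ch) => entities[ch])

    // values[i] sits between templateData[i] and templateData[i + 1].
    return values.reduce(
        (out, val, i) => out + escapeHtml(val) + templateData[i + 1],
        templateData[0]
    )
}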

// Sample untrusted inputs: both carry markup that must be shown as text,
// not interpreted as HTML.
const sender = '<div><em>Lucy</em></div>';
const moreContent = '<b>100</b>';

// Tagging the template routes every ${...} value through antiXSS, so the
// caller does not have to escape each variable by hand before concatenating.
const html = antiXSS`<p>${sender} has sent you a ${moreContent} message.</p>`;

console.log(html);
